ISSUE-22 (Is SHA1 good enough?): Is sha1 as a DigestMethod strong enough for Widgets digital signatures?
http://www.w3.org/2008/webapps/track/issues/
Raised by: Josh Soref
On product:
The widgets 1.0: Digital Signature specification currently mandates that the DigestValue be calculated using RSA-SHA1(and indicated as such by the DigestMethod). However, weaknesses have been found in SHA1 [1]. So would some other DigestMethod be more appropriate? does it really matter that SHA1 has been "broken" for this use case?
[1] http://www.schneier.com/blog/archives/2005/02/sha1_broken.html